Computer Network Technology

Web News, Technology, Science, etc

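Network technology is a new technology that has developed since the mid-1990s. It merges the scattered resources on the Internet into an organic whole, enabling full sharing and coordinated use of resources, so that people can transparently use the combined capacity of those resources and obtain information on demand.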

tetraph's likes:

湛天雲海碧波影:

Facebook Open Redirect Computer Network Security Website Vulnerability


Facebook Old Generated URLs Still Vulnerable to Open Redirect Attacks & A New Open Redirect Security Vulnerability


(1) General Vulnerabilities Description:

(1.1) Two Facebook vulnerabilities are introduced in this article.
Facebook has a security problem: it can be exploited by Open Redirect attacks. Since Facebook is trusted by large numbers of other websites, those vulnerabilities can be used to do “Covert Redirect” to other websites such as Amazon, eBay, etc.

(1.1.1)
One Facebook Open Redirect vulnerability was reported to Facebook, and Facebook adopted a new mechanism to patch it. Although the reported URL redirection vulnerabilities are patched, all old generated URLs are still vulnerable to the attacks. Section (2) gives the details.

The reason may be related to Facebook’s third-party interaction system or database management system or both. Another reason may be related to Facebook’s design for different kinds of browsers.
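The gap described in (1.1.1), where links generated before a fix keep working after it, closes when the redirect endpoint validates every link at click time instead of trusting whatever was issued earlier. The following is an added sketch of such a check, not code from the original article or from Facebook; the signing scheme is an assumption, and the key, host allowlist and cutoff timestamp are constructed values.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed values for illustration; none come from the article or from Facebook.
SECRET = b"constructed-demo-key"
ALLOWED_HOSTS = {"example.com", "www.example.com"}
MIN_ISSUED_AT = 1_420_070_400  # assumed fix date; earlier links are refused


def sign(target: str, issued_at: int) -> str:
    """MAC over destination and issue time, attached when a link is generated."""
    msg = f"{issued_at}|{target}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def is_safe_target(target: str) -> bool:
    """Accept only absolute https URLs whose host is on the allowlist."""
    if target != target.strip() or any(c in target for c in "\\\r\n\t"):
        return False
    try:
        parts = urlsplit(target)
        host = parts.hostname
    except ValueError:
        return False
    if parts.scheme != "https" or parts.username or parts.password:
        return False
    return host in ALLOWED_HOSTS


def check_redirect(target: str, issued_at: int, sig: str) -> bool:
    """Validate a link at click time, whenever it was generated."""
    expected = sign(target, issued_at).encode()
    if not hmac.compare_digest(expected, sig.encode()):
        return False  # unsigned or altered link
    if issued_at < MIN_ISSUED_AT:
        return False  # generated before the fix: treated as revoked
    return is_safe_target(target)  # destination re-checked on every request
```

Because the destination check runs on every request, tightening `ALLOWED_HOSTS` or raising `MIN_ISSUED_AT` takes effect for previously generated links as well as new ones.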

(1.1.2) Another new Open Redirect vulnerability related to Facebook is introduced, too. For reference, please read section (3).

Tests were performed on Firefox (version 26.0) on Windows 7, Firefox (version 24.0) on Ubuntu 12.10, and Chrome (version 30.0.1599.114) on Ubuntu 12.10.


Discovered by:
Wang Jing, School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore.
http://www.tetraph.com/wangjing/

POC Video:
https://www.youtube.com/watch?v=VvhmxfKt85Q&feature=youtu.be

Blog Details:
http://securityrelated.blogspot.com/2015/01/facebook-old-generated-urls-still.html



